Enable Passwordless Authentication

1. Go to Users » your identity pool » Sign-In and Sign-Up.

2. Add Authentication Methods in the Sign In dropdown menu.

   You can set the following passwordless authentication methods:

   • Passkeys

   • Verification Code

   It is also possible to use Magic Links but only through API integration.

   Remember

   If you wish to integrate with Cloudentity APIs and build your own login page, you must still enable the authentication methods of your choice in your pool settings to be able to successfully authenticate users.

3. You can set one of the authentication methods to preferred by selecting the three dots next to the authentication method of your choice and selecting Change to Preferred.

   Changing an authentication method to preferred results in displaying this authentication method as first available choice for the user when they are to sign in to their account. All other configured authentication methods are still available.

4. In the workspace the Identity Pool is connected to, make sure the token issue policy allows the tokens to be issued with an appropiate amr claim.

   You can do that in workspace Settings » Authorization » Token issue policy.

   For example, by default, the Demo workspace has the NIST-AAL-1 User policy assigned which allows to issue tokens only if the amr authentication context attribute is set to pwd (password). In such case, the policy must allow the amr claim to be set to otp if you are using verification codes or magic links and to pop if you are using passkeys.

Integrate Custom Sign In Pages For Passwordless Authentication

If you wish to use a custom sign in page and integrate it with Cloudentity, see the Integrate Sign In Pages for Passwordless Authentication article.